> the restore must be able to restore the file to locations like the windows directory
Then the user will need to get the help of someone with an admin account i.e. their IT department (they probably have an admin account themself if it's a home computer). If this happened regularly it would be a problem, but how often do virus scanners false positive on system files and users quarantine them? I would bet not very often.
Problem might be that whoever is clicking restore is likely running that software as an admin thereby the user clicking restore is the admin user. I'm not 100% sure though, but I think that's the behavior.
Edit:
Found this[0] to clarify what happens when you run software as UAC. I can imagine an A/V program needs admin privileges to run altogether.
That will not solve the problem of writing to places an administrator can't write to:
1. Places where only SYSTEM have write access to (e.g. system32)
2. Places where only a specific user have access to (private folder in a file server share). An administrator won't be able to restore user's file without taking ownership on the folder.
The one that clicks the "restore" button.
> the restore must be able to restore the file to locations like the windows directory
Then the user will need to get the help of someone with an admin account i.e. their IT department (they probably have an admin account themself if it's a home computer). If this happened regularly it would be a problem, but how often do virus scanners false positive on system files and users quarantine them? I would bet not very often.